#!/bin/bash

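# Configure firewalld's "public" zone: bind the first active broadcast
# interface to it, register a list of source addresses, open a list of TCP
# ports, reload, and print the resulting zone configuration.
#
# NOTE(review): in firewalld, ports opened in a zone apply to ALL traffic
# classified into that zone. Because the interface itself is added to
# "public" below, the TCP ports in `port` are reachable from any address
# arriving on that interface, not only from the addresses in `iplist`.
# If the intent is to limit these ports to the listed sources, the ports need
# rich rules scoped to each source, or a dedicated zone that holds only the
# sources and ports while the interface stays in a zone that does not open
# them. Behaviour is left as the original here; confirm the intent.

# Source addresses bound to the public zone.
# NOTE(review): the first entry carries a /24 mask, which covers the whole
# 100.10.1.0/24 subnet and therefore already includes the three hosts that
# follow. If only single hosts were meant, drop the /24 (or use /32).
iplist=(100.10.1.137/24 100.10.1.138 100.10.1.175 100.10.1.176)
# TCP ports opened in the public zone.
port=(22 10022)

# Tracks whether any individual rule failed, so the script's exit status
# reflects partial failures instead of only the last command.
rc=0

echo "重启firewalld服务"
if ! sudo systemctl restart firewalld; then
  echo "error: failed to restart firewalld" >&2
  exit 1
fi

echo "获取网卡名"
# Take the first interface whose flags are exactly BROADCAST,MULTICAST,UP,
# LOWER_UP. Field 2 of that line looks like "eth0:" (or "eth0@if12:" for
# veth/VLAN devices), so strip the trailing colon and any "@peer" suffix;
# firewalld expects the bare interface name.
Net=$(ip addr | awk '/<BROADCAST,MULTICAST,UP,LOWER_UP>/ {
  name = $2
  sub(/:+$/, "", name)
  sub(/@.*$/, "", name)
  print name
  exit
}')

# Without this guard an empty name would be passed as "--add-interface=".
if [[ -z "$Net" ]]; then
  echo "error: no active broadcast interface found" >&2
  exit 1
fi

echo "添加网卡至public区"
sudo firewall-cmd --zone=public --add-interface="$Net" --permanent || {
  echo "error: could not add interface $Net to zone public" >&2
  rc=1
}

echo "指定IP地址放开"
# Equivalent one-liner using brace expansion, kept for reference:
#firewall-cmd --permanent --zone=public --add-source={192.168.1.0/24,192.168.2.0/24,192.168.3.0/24}
for i in "${iplist[@]}"; do
  sudo firewall-cmd --permanent --zone=public --add-source="$i" || {
    echo "error: could not add source $i" >&2
    rc=1
  }
done

echo "指定tcp端口放开"
for i in "${port[@]}"; do
  sudo firewall-cmd --permanent --zone=public --add-port="$i/tcp" || {
    echo "error: could not add port $i/tcp" >&2
    rc=1
  }
done

echo "重新加载防火墙配置，使规则生效"
# The rules above are --permanent only; they take effect at this reload.
if ! sudo firewall-cmd --reload; then
  echo "error: firewall-cmd --reload failed" >&2
  exit 1
fi

echo "public区规则如下："
# Print the effective zone so the operator can verify what is now exposed.
sudo firewall-cmd --zone=public --list-all || rc=1

exit "$rc"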